Fix Exploit Prevention capability announcement on remote config #7586
Merged
Benchmarks

Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 48 metrics, 15 unstable metrics.
[Gantt charts omitted: startup time reports for insecure-bank and petclinic (global startup overhead and break down per module); candidate=1.40.0-SNAPSHOT~2494e8ac61, baseline=1.40.0-SNAPSHOT~1d59e612a6]

Load
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 18 unstable metrics.
[Gantt charts omitted: request duration reports [CI 0.99] for insecure-bank and petclinic; candidate=1.40.0-SNAPSHOT~2494e8ac61, baseline=1.40.0-SNAPSHOT~1d59e612a6]

Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
[Gantt charts omitted: execution time [CI 0.99] for tomcat and biojava; candidate=1.40.0-SNAPSHOT~2494e8ac61, baseline=1.40.0-SNAPSHOT~1d59e612a6]

jandro996 approved these changes Sep 10, 2024
ValentinZakharov approved these changes Sep 10, 2024
smola added a commit that referenced this pull request Sep 23, 2024 (cherry picked from commit 5f325b0)
smola added a commit that referenced this pull request Sep 23, 2024

What Does This Do
Fix Exploit Prevention (aka RASP) capability announcement for remote configuration. For v1.39.0, this has been addressed in the backend with a capability override. For v1.40.0+, we'll properly announce the capabilities, including not announcing them if the user sets DD_APPSEC_RASP_ENABLED=false.

Motivation

Additional Notes

Contributor Checklist
- type: and (comp: or inst:) labels in addition to any useful labels
- close, fix or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue
- [ ] Update the public documentation in case of new configuration flag or behavior